Job Summary: This senior-level position is responsible for oversight, development and coordination of the Governance, Risk and Compliance (GRC) program with the client’s Cyber Security initiatives. It involves working with senior managers and executive sponsors within our client organizations to define, classify and mitigate vulnerabilities, assess client-specific and sector-specific business risks, and meet GRC-defined mandates (e.g., GDPR, PCI, HIPAA, GLBA, FISMA, ISO 27k) and other security compliance directives.

Responsibilities: Directly responsible for Policies, Procedures & Controls to assure both Governance and Compliance with applicable regulatory and legal requirements, in balance with the client’s level of Risk Exposure.

Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes.

Work with executive sponsors, or serve as proxy CSO/CISO to provide an Executive level perspective of how to build and support a comprehensive cybersecurity program and how to measure “success” of the program for reporting to the Board and other Executives.

Enforce policies (as directed by the client or developed based on SOW/SLA/MSA) to ensure compliance with GRC-specific mandates based on business infrastructure sector or industry directives relating to client operations.

Establish and oversee a formal vulnerability and testing program.

Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues in the electronic GRC system.

Develop, promote and monitor the training and indoctrination of Security Risk Management, GRCP and Security Awareness by working with business units to ensure data is properly classified and, where applicable, applications are appropriately monitored for risk.

Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.

As needed, manage, coach, lead and develop a small staff of GRC personnel.

Train other staff and external clients as necessary.

Required Skills: Ability to work independently with or without direction and/or supervision.

Ability to prioritize and multitask. Flexibility and adaptability in work approach.

Calmness and clarity of thought under pressure and ability to maintain confidentiality.

Strong written and verbal communication skills.

Demonstrated leader with team-oriented interpersonal skills.

Ability to effectively interface with a broad range of people and roles.

Accept responsibility and personal accountability.

Manage schedules, development tasks and SDLC methodologies where Security issues may apply.